Evaluate the benefit of the Linux operating system as an interoperable and alternative NOS for the company in the form of a feasibility report to include the following:
- The comparative Networking features of Windows and Linux.
- Interoperability features of Ubuntu with the existing Microsoft Windows Workstations.
- You need to install Ubuntu on a machine and configure network services for Windows and Linux mainly for file sharing and printing. Necessary screen shots have to be provided.
- Enumerate the various costs associated with the performance, security, support, and maintenance of Ubuntu within the bank.
What is Windows?
Microsoft Windows is a series of computer operating systems and GUIs (Graphical User Interfaces) produced by Microsoft Corporation. Windows was the first operating environment introduced by Microsoft in 1985 as an add-on to MS-DOS. Windows was introduced because of the growing interest in Graphical User Interfaces (GUIs). Then Windows dominated the world’s personal computer market, overtaking the Mac OS, which had been introduced previously.
Microsoft has introduced two parallel routes in its operating systems. One route is for home users and the other is for professional IT users. The home versions have greater multimedia support and weaker networking and security capabilities, while the professional versions have lower multimedia capabilities and better networking and security.
Windows operating systems are commercial products, and a license must be purchased in order to use them. The source code of Windows products is also closed and owned by Microsoft.
Linux is a free and open source operating system, the name referring to Unix-type operating systems originally created by Linus Torvalds with the support of developers all over the world. Linux source code is freely available to everyone, and anyone can freely modify and redistribute it both commercially and non-commercially. The Linux kernel can be described as one of the best kernels in use today. Further, many organizations have begun to use Linux-based operating systems because of their high security and low cost.
Linux is well known for its use in servers. Linux can also be installed on a vast variety of hardware, such as mobile phones, watches, mainframes and supercomputers. Fedora, Suse, Mandriva, Ubuntu, Kubuntu and Red Hat are some popular distributions of Linux.
Comparative Features of Windows and Linux
Security is a vital feature that every operating system (OS) should provide, because the operating system is a key requirement of every computer system and everything else depends on it. Malware, or malicious software, is a computer program designed by computer criminals in order to damage systems and steal important information from them. Therefore a network OS should have thorough security. Without security, the network is vulnerable to a larger number of threats.
Microsoft Windows is the most popular operating system in the world. It runs on nearly 90% of desktop computers in the consumer market, and is the main operating system of the vast majority of commercial and institutional users. This makes Windows machines a larger target for malware written by computer criminals who want to cause as much damage to the system as possible. Surveys conducted by Kaspersky Lab revealed that more than 11,000 malware programs for Windows were discovered in the second half of 2005 alone. Nearly one million Windows-based computers have also been infected with botnets (a botnet is a small computer program used to control other computers remotely). On Windows-based computer systems some malware is very hard to remove without using an anti-malware program.
In 2006 approximately 800 Linux malware programs were discovered. Most malware is propagated through the Internet. Linux-based malware is usually extremely rare, but malware may still spread to Linux-based systems if they are connected with Windows-based systems. Because of the rarity of malware threats, there is no initial requirement for anti-malware programs on Linux-based systems. But anti-malware software such as ClamAV and Panda Security is rarely used on Linux servers for more security.
A computer network is a set of interconnected computers that is used to share resources such as printers, scanners, information and storage. Operating systems should therefore support reliable resource sharing, which increases the network’s performance. Linux and Windows belong to two different platforms. Though they provide different facilities, they both provide the initial requirements of a network. Usually Linux performs well for file sharing and Windows performs well for sharing printers, scanners and other hardware resources.
For desktop or home use, Linux is very cheap or free, and Windows is expensive. For server use, Linux is very cheap when compared with Windows. Microsoft allows a single copy of Windows to be used on only one computer. In contrast, once we have purchased Linux, we can run it on any number of computers for no additional charge.
For instance, in 2005 Windows XP Professional Edition was sold for $200 and Windows Server 2003 Standard Edition with 10 client licenses was sold for $1,100. Linux distributions, by contrast, can be downloaded freely from their web sites. Alternatively, we can purchase assorted distributions of Linux in a box with CD, manuals and technical support for around $40 to $80.
All software has and will have bugs (programming mistakes). Linux has a reputation for fewer bugs than Windows. Windows is developed by faceless programmers whose programming mistakes are hidden from the outside world because Microsoft does not publish the source code for Windows. Microsoft regards its source code as a trade secret. In contrast, Linux is developed by hundreds of programmers all over the world, who publish the source code of the operating system to the world. Therefore it is stronger and less vulnerable to threats. That is why most organizations use Linux for their networks. Linux receives updates from many talented programmers all over the world.
Compared with Linux network configuration, Windows configuration is easier, because Windows is generally based on a GUI (Graphical User Interface). Anyone can therefore understand Windows-based network configuration without much knowledge. Linux, however, is generally based on the command line or terminal, and a good knowledge of Linux is needed in order to implement a network with it.
Windows-based systems support NTFS, FAT, ISO 9660, UDF and others. Linux-based systems use ext2, ext3, ext4, ReiserFS, FAT, ISO 9660, UDF, NFS, JFS, XFS, and others.
Compared with Windows, Linux supports many file systems. But Windows now has third-party drivers for ext2, ext3, ReiserFS, HFS and others.
Windows operating systems based on the NT kernel are much more stable than the older versions of Windows. But using unsigned or beta drivers can lead to decreased system stability.
The Linux window manager is a key component of the X-Windows based GUI system and can be highly stable. Mechanisms to terminate badly behaving applications exist at multiple levels, such as Ksysguard and the kill command. If the GUI fails, Linux can use a text-based system. This is a powerful feature in Linux for network stability.
Interoperability features of Fedora 12 with Windows
Within this task I used Fedora 12 instead of Ubuntu. Windows and Fedora belong to two different platforms, so their mechanisms are different. That is why interoperability is needed. Interoperability can be defined as the ability to work with each other. In order to exchange messages between different platforms reliably, without errors or misunderstandings, there should be common ground between the platforms. Windows and Linux (or Fedora 12) have that kind of common ground, which supports the exchange of messages between the two platforms.
Samba can be defined as a re-implementation of SMB/CIFS networking protocols. It was developed by Australian Andrew Tridgell. It provides various facilities for file and printer sharing between Windows, UNIX and UNIX like systems such as Linux, Solaris, AIX, and Apple’s Mac OS X server systems.
Samba runs on most systems and has now become a standard part of most Linux distributions (such as Fedora, Red Hat, Mandriva and Suse). When we need to share files and printers between different platforms such as Windows and Fedora, we have to configure Samba. That is how we achieve interoperability between the platforms.
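Since Samba is the piece that exposes the bank's files and printers to Windows clients, its configuration deserves a check before it goes live. The following is an added example, not part of the original report: a small auditor for `smb.conf` run over two constructed configurations. The share names, paths and address ranges are hypothetical, and the parameter names are those of current Samba releases.

```python
"""Audit an smb.conf for settings that matter on a mixed Windows/Linux file server."""

# Constructed sample configuration (not from the report); share names are hypothetical.
WEAK_CONF = """
[global]
    workgroup = BANK
    security = user
    server min protocol = NT1

[reports]
    path = /srv/samba/reports
    public = yes
    writable = yes

[printers]
    path = /var/spool/samba
    printable = yes
    guest ok = no

[accounts]
    path = /srv/samba/accounts
    valid users = @accounts
    read only = no
    hosts allow = 192.168.10.
"""

# The same kind of server with the findings corrected (also constructed).
HARDENED_CONF = """
[global]
    workgroup = BANK
    security = user
    server min protocol = SMB2
    hosts allow = 192.168.10. 127.

[reports]
    path = /srv/samba/reports
    valid users = @staff
    read only = yes
"""

SMB1_LEVELS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}  # SMB1-era dialects
TRUE_VALUES = {"yes", "true", "1"}
# smb.conf accepts synonyms; fold them onto one canonical parameter name.
SYNONYMS = {"public": "guest ok", "min protocol": "server min protocol",
            "allow hosts": "hosts allow"}
INVERTED_READ_ONLY = {"writable", "writeable", "write ok"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with names lower-cased and normalised."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key, value = " ".join(key.lower().split()), value.strip()
            if key in INVERTED_READ_ONLY:        # "writable = yes" means "read only = no"
                key = "read only"
                value = "no" if value.lower() in TRUE_VALUES else "yes"
            current[SYNONYMS.get(key, key)] = value
    return sections


def audit(text):
    """Return a list of (section, finding) tuples for risky settings."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("server min protocol", "").upper() in SMB1_LEVELS:
        findings.append(("global", "smb1-allowed"))
    for name, share in conf.items():
        if name == "global":
            continue
        guest = share.get("guest ok", "no").lower() in TRUE_VALUES
        writable = share.get("read only", "yes").lower() not in TRUE_VALUES
        if guest:
            findings.append((name, "guest-access"))
        if writable and (guest or not share.get("valid users")):
            findings.append((name, "unrestricted-write"))
        if not (share.get("hosts allow") or glob.get("hosts allow")):
            findings.append((name, "no-host-restriction"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(text))
```
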
DHCP is short for Dynamic Host Configuration Protocol, a protocol used for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. Some systems and devices are even allowed to change their IP address while still connected. DHCP also supports a mix of static and dynamic IP addresses.
DHCP simplifies network administration because the DHCP server keeps track of IP addresses rather than requiring an administrator to manage the task. I consider DHCP an interoperability feature as well, because it can assign IP addresses to any platform, such as Windows and Fedora. When a LAN has a mixture of Windows and Linux based computers, DHCP can assign IP addresses to all of them regardless of platform.
X Windows System
The X Windows system is a windowing graphical user interface that is almost, but not completely, entirely unlike Microsoft Windows and the Macintosh. The X Windows System is an open, client/server system for managing windowed graphical user interfaces in a distributed network. Earlier UNIX-based systems used the shell as an interface. The shell is a special built-in program that allows users to enter commands in a CLI (Command Line Interface). But newer versions of UNIX-like systems make heavy use of X Windows as a Windows-like graphical user interface.
Earlier it was very difficult to work with Windows and Linux through CLIs, because Windows was completely GUI (Graphical User Interface) based and Linux was completely CLI based. But new distributions of Linux come with the X Windows capability, so the two systems can now work together more reliably and easily.
X Windows is also an interoperability feature provided by Fedora 12 that makes it much easier to work with Windows systems.
TCP/IP is short for Transmission Control Protocol and Internet Protocol. It is the protocol suite used for the Internet. It provides easy communication across different platforms and provides the basis for the global Internet. It can also be described as the basic communication language or protocol of the Internet, and it can be used as a communications protocol in a private network (either an intranet or an extranet). When we are set up with direct access to the Internet, our computer is provided with a copy of the TCP/IP program, just as every other computer that we may send messages to or get information from also has a copy of TCP/IP.
An intranet may contain computers with different platforms, such as Windows and Linux, but using the TCP/IP protocol we can connect these computers. Both Windows and Linux distributions support TCP/IP. Therefore it can also be considered an interoperability feature of Windows and Linux.
DNS is short for Domain Name System. DNS is an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they’re easier to remember. The Internet, however, is based on IP addresses, so every time we use a domain name, a DNS server must translate the name into the corresponding IP address. Some organizations also use DNS servers in their intranets to name their network computers. Whether the computer is Windows-based or a Linux system, DNS carries out its task perfectly, because DNS also has an interoperability feature that lets it work with different platforms.
Enumerate the cost associated with the Performance, Security, Support and Maintenance of Fedora 12 within the Bank.
For this task I used Fedora 12 instead of Ubuntu, because Ubuntu does not have built-in Samba server facilities and Samba has to be downloaded as a third-party tool. Fedora 12 has those facilities for printer and file sharing.
Performance is a vital part of a network. The efficiency of a network depends on hardware and software performance. For the bank’s network I used a Linux distribution called Fedora 12 as the NOS (Network Operating System). Linux-based operating systems are generally lightweight and have low performance requirements. Like other distributions of Linux, Fedora 12 is a lightweight operating system that runs on low-performance hardware.
A bank is a place where many transactions take place every second across its branches and other networks. Therefore the bank’s network should be stable and reliable, and a bank should use trusted and reliable hardware and software in order to increase its network performance. The cost of network devices is usually relatively high in the modern market, and network operating systems like Windows are extremely expensive. By using a free and open source OS like Fedora 12 we can reduce wasted money. Further, it does not need high-performance computers for installation and does not consume as much hard disk space as Windows does. Fedora 12 provides online updates and does not have a limit on installations. One copy of Windows can be installed on one computer only; otherwise we have to buy another license. But Fedora 12 can be installed on any number of computers without any limitations.
For the above reasons I think that Fedora 12 provides good performance and is also more cost effective when compared with Windows.
Security is a key requirement of a network. Without it, anyone and any malware can attack the network and steal important information from it. Therefore OS (Network Operating System) developers try to improve their OS’s security features. If there is no security within an OS, then it fails totally.
Fedora 12 is a distribution of Linux and is categorized as Free and Open Source Software. Linux-based systems and their source code are freely available to anyone and can be modified as required. Fedora 12 has been developed by many programmers all over the world and is a strong operating system. Windows-based systems, however, are commercial OSs whose source code is not published. They are therefore developed by a limited number of programmers, and their security is also limited. That is why we need third-party security tools to protect Windows-based systems. Trusted and reliable third-party anti-virus guards or security systems are expensive, and they are an additional cost for Windows-based systems.
Fedora 12, however, has strong built-in security mechanisms (which Windows does not have) such as DPI (Data Packet Inspection) and IDS (Intrusion Detection System), because it is developed by many programmers all over the world. Therefore it doesn’t need any third-party virus guards, and the cost of additional security efforts is reduced with Fedora 12. Fedora 12 is therefore a cost-effective operating system when compared with Windows, and the best choice for a cost-effective bank network system.
Computer operating systems and other software are not 100% perfect. That is why manufacturers provide support for their products. When a problem occurs in a system, we can get the manufacturer’s support to solve it. Manufacturers also provide patches and other updates to reduce the vulnerabilities of their products.
Microsoft Windows also provides free updates and online support for its products after they are purchased. Though Windows provides free online support services for its products without any payment, Fedora and other Linux-based operating systems do not provide free support services. If we need support for a Linux-based system, we have to pay some amount of money for the service. But they provide a 24-hour update service for their products.
With Fedora we have to pay for support services. Though the support service is not cost effective for the bank, the OS is totally free to download.
After installation and configuration, every computer system needs to be well maintained. Windows systems are much easier to maintain because they don’t need well-trained persons (compared with Linux). Linux systems are more complex and cannot be installed, configured and maintained without knowledge of them.
In order to maintain the Fedora system in the bank, the bank needs well-trained personnel or a network administrator. Not just anyone can maintain a Linux system; therefore the cost of a Linux-based network system administrator is higher when compared with a Windows network system administrator. The manufacturer’s support is always needed for system maintenance, but with Fedora we need to buy service advice from its manufacturer.
Research and produce a comprehensive project plan for the implementation of a VPN within the company. This should include the following:
- A brief overview of current VPN technologies (both hardware and software).
- Design a suitable VPN using appropriate Internet Service Providers (ISP) for the requirements of the bank.
- Identify and list the hardware and software required to implement the bank’s VPN.
- Produce a schedule for the implementation of the VPN, detailing the installation of any necessary hardware, network operating system upgrades and associated applications software required.
- Write a section of the report on the responsibilities and level of service required from an ISP in order to implement a successful VPN within the company.
Although the topic of VPNs, or Virtual Private Networks, is a very complex subject in the networking field, the basic idea of a VPN is quite simple. A corporation may have a number of offices (or groups of offices) in different locations, and each of these locations can have its own local network. In many corporations there are many employees working remotely, connecting to the corporation’s local network from home or on the road. Business partners can also join together in extranets to share business information. Interconnecting these separate networks and locations over a public network is called a VPN or Virtual Private Network.
The apparent simplicity of VPN makes us think that it is a simple concept. But there is an ever-increasing number of VPN types, and a huge range of technologies for implementing VPNs is available today. This makes it easy for us to decide on the most appropriate VPN solution for our needs. The most common way to interconnect sites has been to use ATM or Frame Relay (FR) leased lines supplied by a service provider.
The following parts of this task describe the VPN technologies, cost effective hardware and software solutions and responsibilities and level of services required from the ISP (Internet Service Provider).
As I mentioned above, VPN is a complex subject in networking. Therefore different sorts of VPN technologies have been introduced for different purposes. These technologies provide secure and cost-effective solutions for telecommuters, home-based workers, road warriors, remote sales people, mobile executives and also for global business.
Within this task I expect to provide a short description of the current VPN technologies that are widely used today. I divide these technologies into two major parts: Hardware Technologies and Software Technologies. According to my perception, I believe that the VPN protocols that are used to establish a VPN connection should also be a part of the software technologies, because these protocols are created by using specialized algorithms and programming languages. Therefore I consider those protocols as Software Technologies within this task.
PPP (Point-to-Point Protocol)
PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) are heavily based on PPP (Point-to-Point Protocol) technology. PPP was designed to send data across dial-up or dedicated connections. PPP encapsulates IP packets within PPP frames and then transmits the encapsulated packets across a point-to-point link. PPP was specially designed for use between dial-up clients and NASs (Network Attached Storage).
PPTP (Point-to-Point Tunneling Protocol)
PPTP is one of the first VPN protocols, built on PPP (Point-to-Point Protocol) to provide remote access for VPN solutions. PPTP encapsulates PPP frames in IP datagrams using GRE or Generic Routing Protocol. PPTP uses the authentication techniques within PPP. PPTP can be used for remote access and router-to-router VPN connections. The Point-to-Point Tunneling Protocol (PPTP) uses a TCP (Transmission Control Protocol) connection for tunnel management and GRE for encapsulation.
L2F (Layer Two Forwarding Protocol)
L2F was designed to transmit data from corporate sites to their users by using tunnels. This protocol or VPN technology was first implemented in Cisco products. L2F doesn’t depend on IP, and that is the only way in which it differs from PPTP. This protocol accepts other authentication mechanisms and allows tunnels to support more than one connection. L2F uses PPP to authenticate the remote user, and this is done twice: first at the ISP and then at the gateway to the connecting LAN. This is a Layer-2 protocol and handles IPX and NetBEUI as well.
L2TP (Layer Two Tunneling Protocol)
L2TP is a combination of L2F and PPTP and it exists in the second layer of the OSI reference model. That is why it is named Layer 2 Tunneling Protocol. L2TP is defined for packet media, Frame Relay, ATM and X.25. It has its own tunneling protocol and uses PPP’s PAP and other advanced mechanisms for authentication. Its encryption method is based on IPSec (Internet Protocol Security).
IPSec (Internet Protocol Security)
IPSec is a solution for VPN security and it exists in the third layer of the OSI reference model. IPSec uses a number of encryption technologies to provide confidentiality and integrity of data. IPSec allows senders to authenticate and encrypt each packet. There are two modes of IPSec: Transport mode and Tunnel mode. Which mode is used depends on the security and traffic situation. Transport mode authenticates and encrypts the transport segment of an IP packet, and tunnel mode authenticates and encrypts the whole IP packet.
VPN Client Software
VPN client software provides protected access to corporate resources via wireless, broadband, and dial-up connections with robust encryption and broad support across multiple connection types. Most modern VPN software simplifies the configuration of security policies and the management of certificates through its graphical user interface. Microsoft, Netgear, Stone Gate and Cisco are some popular manufacturers of VPN client software (but each of these manufacturers uses different sorts of technologies to implement its VPN client software).
In network communication, data are transferred in the form of packets. A router is usually a hardware device or a computer that looks at IP packets and decides how to forward them. Routers operate at the network layer of the OSI reference model and are used to connect networks to each other or to the Internet. When a packet is received from the NIC (Network Interface Card), the router reads the IP address on the packet and forwards it to the appropriate network interface. Packet forwarding depends on the IP address and routing information contained in the packet header. Even if the network architectures differ, the router has the capability to connect them. Though it can connect different network architectures, it cannot transform data from one data format to another (TCP/IP to IPX/SPX).
Software for VPN router functions or normal router functions can be added to a server or a specialized computer that is optimized for communication.
A VPN concentrator is a device that is used to combine several communications channels into one. It is further used to tie multiple terminals together into one line. Although a device called a multiplexor carries out the same function as a VPN concentrator, the total bandwidth of the concentrator’s inputs is not equal to its outputs. The concentrator has the ability to store data temporarily but the multiplexor does not have this ability.
An Ethernet hub, which is a multiport repeater, is sometimes called a “concentrator”.
Although a VPN gateway can be implemented as both hardware and software, I consider this a hardware technology for ease of categorization. A VPN gateway is a device (hardware or software) that is used to convert packets from one network protocol to another. The gateway acts as an entry and exit point for data, where some kind of processing is done on the information that passes through it. Sometimes the VPN gateway is also called a router or Layer 3 switch.
Gateway is a device that is used to join two networks together. It can be implemented completely in hardware, completely in software or as a combination of both.
A firewall can be implemented as hardware, as software, or as a combination of both. But I included VPN firewalls in the VPN hardware category for ease of categorization.
Network security is a major need of an organization. A firewall is one such solution that allows the computer to prevent unauthorized access to any application on the computer. Firewalls monitor traffic in the computer or the network. This monitoring can be done by software in the computer or router. An organization that uses a VPN has a great need for a firewall solution, because there may be a possibility of unauthorized access to the organization’s confidential information. By using VPN firewall technology we can reduce outside threats.
Even though the above technologies directly look like just software and hardware, they all have a complex technology encapsulated within them. The above VPN technologies are widely used within the modern VPNs.
Description of Bank’s VPN
Due to the requirements of the bank I designed a VPN that provides cost-effective networking solutions. The bank needs its agents and branches to connect to the bank’s network securely through the VPN. Therefore I designed a network that provides the above facilities. When designing the bank’s network I assumed that the particular bank is the head office and the agent is another organization. Although the bank may have many agents and branches, I’ve mentioned only one agent and one branch within this network overview.
The bank’s head office is the place where much of the confidential information about transactions is stored. Therefore its network should be more secure than any other. According to my VPN design I connected the bank’s network to the Internet through an ISP (Internet Service Provider) in order to get VPN access. The bank connects with the ISP directly using a VPN router (this router is highly configured and cannot be accessed by unauthorized VPN clients). Then I added a DMZ (Demilitarized Zone) in order to secure the LAN from unauthorized access. If the file server were implemented within the DMZ, it might be vulnerable to threats and there might be a possibility of information theft. Therefore I implemented the file server far away from the DMZ, and it is secured with two highly configured firewalls. Though someone can get into the DMZ in order to access the web server, he/she cannot penetrate the other firewall without proper authentication information. All the computers within the bank’s network can access the web server and file server according to their assigned privileges. Other agents and branches have rights to access the bank’s network (using a router-to-router connection).
Even though the VPN routers and firewalls (hardware) are very expensive, they provide great security to the bank network. In order to reduce the software cost I recommend free and open source software for both servers and clients, such as Linux and Open Office.
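The two-firewall DMZ layout described in this section can be written down as rule sets and checked against the properties the design promises. The following is an added example, not part of the original report: a first-match, default-deny model of the outer and inner firewalls. All addresses, the port numbers (443 for the web server, 445 for file sharing) and the rule sets are assumptions made for the illustration, and only the initiating direction of a connection is modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing plan (documentation and private ranges), not from the report.
DMZ = ipaddress.ip_network("192.0.2.0/28")
LAN = ipaddress.ip_network("10.10.0.0/16")
BRANCH = "10.20.0.0/16"        # branch office reached over the router-to-router VPN
WEB_SERVER = "192.0.2.10"      # placed in the DMZ
FILE_SERVER = "10.10.5.20"     # placed on the LAN, behind both firewalls
ANY = "0.0.0.0/0"


class Rule(NamedTuple):
    action: str                # "allow" or "deny"
    src: str                   # source network in CIDR form
    dst: str                   # destination network in CIDR form
    port: Optional[int]        # None matches any port


# Outer firewall: between the Internet/VPN router and the DMZ.
OUTER = [
    Rule("allow", ANY, WEB_SERVER + "/32", 443),
    Rule("allow", BRANCH, FILE_SERVER + "/32", 445),
]
# Inner firewall: between the DMZ and the LAN.
INNER = [
    Rule("allow", BRANCH, FILE_SERVER + "/32", 445),
    Rule("allow", str(LAN), WEB_SERVER + "/32", 443),
]


def decide(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action == "allow"
    return False


def position(ip):
    """0 = outside (Internet or decrypted branch traffic), 1 = DMZ, 2 = LAN."""
    addr = ipaddress.ip_address(ip)
    return 2 if addr in LAN else 1 if addr in DMZ else 0


def reachable(src, dst, port, outer=OUTER, inner=INNER):
    """A connection succeeds only if every firewall on its path allows it."""
    lo, hi = sorted((position(src), position(dst)))
    crossed = [fw for boundary, fw in ((0, outer), (1, inner)) if lo <= boundary < hi]
    return all(decide(fw, src, dst, port) for fw in crossed)


# Properties the design is meant to guarantee: (name, src, dst, port, expected).
INVARIANTS = [
    ("internet reaches web server", "203.0.113.7", WEB_SERVER, 443, True),
    ("internet cannot reach file server", "203.0.113.7", FILE_SERVER, 445, False),
    ("DMZ host cannot reach file server", WEB_SERVER, FILE_SERVER, 445, False),
    ("LAN reaches file server", "10.10.1.15", FILE_SERVER, 445, True),
    ("LAN reaches web server", "10.10.1.15", WEB_SERVER, 443, True),
    ("branch reaches file server", "10.20.3.4", FILE_SERVER, 445, True),
]


def violations(outer=OUTER, inner=INNER):
    """Names of the invariants that the given rule sets break."""
    return [name for name, src, dst, port, want in INVARIANTS
            if reachable(src, dst, port, outer, inner) != want]


# A careless inner rule that lets any DMZ host into the LAN.
LEAKY_INNER = [Rule("allow", str(DMZ), str(LAN), None)] + INNER

if __name__ == "__main__":
    print("design as described:", violations())
    print("with leaky inner rule:", violations(inner=LEAKY_INNER))
```
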
Hardware and Software required to implement the bank’s VPN
According to my VPN design I need several kinds of software and hardware to implement the network. Therefore I’ve chosen some products which support VPN. Some products are a little expensive but provide high security and reliable service to the bank’s network. When choosing the software for the network implementation, I’ve chosen some widely needed software.
SMC Barricade VPN BR21VPN – Router – SMCBR21VPN
The Barricade router which has built-in VPN support is an ideal networking solution for VPN. This router consists of load balancing WAN ports, DMZ (Demilitarized Zone) port and a 10/100 LAN port. It has a built in firewall to protect the network from the edge. This router supports protocols such as TCP/IP, VPN connections with PPTP and IPSec. The in-built firewall provides a great protection against DOS attacks (Denial of Service attacks) and also it provides flexible Access Control. This router has the ability to access remote corporate network securely through an authenticated and encrypted tunnel over the internet.
The NetGear Pro-Safe switch is suitable for a high-speed network on a small scale. This switch consists of five auto-speed-sensing 10/100/1000 Mbps UTP ports. It also has the capability to handle huge workloads (this feature is especially useful because the web server is connected to this switch within my VPN design). This switch can move large files across the network instantly and lets devices connect to the network painlessly. The metal chassis protects the interior working parts from physical damage.
Cisco FastHub 424 Ethernet Hub (WS-C424M)
The Cisco FastHub 424 10/100 high-performance Fast Ethernet repeater delivers unmatched flexibility and low-cost managed connectivity to the desktop. The FastHub 424 10/100 provides ultra low-cost 10/100 autosensing desktop connectivity where dedicated bandwidth is not required. The FastHub 424 will be deployed as a high-performance solution for providing 10/100 Fast Ethernet connectivity to the desktop. This hub provides dedicated connections over extended distances (up to 2 km) to upstream switches or routers.
The NetGear ProSafe FVS338 firewall supports 50 VPN tunnels for encrypted remote access. This VPN firewall with an 8-port 10/100 switch and dial back-up is an SNMP-manageable, high-performance network solution that furnishes multidimensional security. Broadband capable VPN firewall comes with connection ins